How do I enable mTLS on the NSP mediation interface?
Purpose
Perform this procedure to enable two-way TLS authentication using mTLS on the network mediation interface of an NSP cluster.
Note: You must perform the procedure in each NSP cluster.
Steps
1. Log in as the root user on the NSP deployer host.

2. Open a console window.

3. Open the following file using a plain-text editor such as vi:

   /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml

4. Configure the following parameters in the nsp—modules—mdm section of the file:

   mtls:
     enabled: true
     mtlsCACert: "CA_cert"
     mtlsClientCert: "client_cert"
     mtlsKey: "client_key"
     mtlsKeyAlgorithm: "RSA"

   where
   CA_cert is the absolute path of the CA certificate file
   client_cert is the absolute path of the client certificate file
   client_key is the absolute path of the client key file

5. Save and close the file.

6. Enter the following to put the configuration change into effect:

   Note: The command causes a restart of each MDM pod in the cluster, but is not service-affecting.

   Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:

   nspdeployerctl --ask-pass install --config --deploy

   # /opt/nsp/NSP-CN-DEP-release-ID/bin/nspdeployerctl install --config --deploy ↵

   mTLS is enabled on the cluster mediation interface.

7. Close the console window.

End of steps
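
A pre-flight check for the values entered in step 4, run before the deploy command in step 6. This is an added example, not part of the NSP documentation or tooling. It assumes PEM-encoded files and takes the mtls settings as a Python dict; the function names and the key-permission check are this example's own choices, not NSP requirements.

```python
import os
import ssl
import stat

CERT = "-----BEGIN CERTIFICATE-----"
# Private-key PEM labels and the key type each implies (None: PKCS#8, type not in label).
KEYS = {"-----BEGIN RSA PRIVATE KEY-----": "RSA",
        "-----BEGIN EC PRIVATE KEY-----": "EC",
        "-----BEGIN PRIVATE KEY-----": None}


def pem_label(path):
    """Return the first '-----BEGIN ...' line of a file, or '' if there is none."""
    with open(path, errors="replace") as fh:
        return next((ln.strip() for ln in fh if ln.startswith("-----BEGIN ")), "")


def preflight(mtls):
    """Return a list of problems in an mtls settings dict (empty list means pass)."""
    problems = []
    if mtls.get("enabled") is not True:
        problems.append("enabled: not true")
    for name in ("mtlsCACert", "mtlsClientCert", "mtlsKey"):
        path = mtls.get(name) or ""
        if not os.path.isabs(path):  # the procedure requires absolute paths
            problems.append(f"{name}: not an absolute path")
        elif not os.path.isfile(path):
            problems.append(f"{name}: file not found")
    if problems:
        return problems
    for name in ("mtlsCACert", "mtlsClientCert"):  # catches a key pasted as a cert
        if pem_label(mtls[name]) != CERT:
            problems.append(f"{name}: no PEM certificate found")
    label = pem_label(mtls["mtlsKey"])
    if label not in KEYS:
        problems.append("mtlsKey: no recognised PEM private key found")
    elif KEYS[label] not in (None, mtls.get("mtlsKeyAlgorithm")):
        problems.append("mtlsKey: key type differs from mtlsKeyAlgorithm")
    # General key hygiene (assumption of this example): owner-only access.
    if stat.S_IMODE(os.stat(mtls["mtlsKey"]).st_mode) & 0o077:
        problems.append("mtlsKey: accessible to group or others")
    if not problems:
        try:  # OpenSSL refuses a key that does not belong to the certificate
            ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_cert_chain(
                mtls["mtlsClientCert"], mtls["mtlsKey"])
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            problems.append(f"client cert/key pair rejected: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed input: a relative key path, as a typo in nsp-config.yml would give.
    print(preflight({"enabled": True, "mtlsCACert": "/nonexistent/ca.pem",
                     "mtlsClientCert": "/nonexistent/client.pem",
                     "mtlsKey": "client.key", "mtlsKeyAlgorithm": "RSA"}))
```

The check does not confirm that the client certificate chains to the CA certificate; it only catches path, file-type, permission and key-pairing mistakes before the MDM pods restart.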